Previous versions of the fetchmail package may crash when attempting
to deliver an internal warning or error message through an untrusted
or compromised SMTP server, leading to a possible Denial of Service. Previous versions of the fetchmail package may crash when attempting
to deliver an internal warning or error message through an untrusted
or compromised SMTP server, leading to a possible Denial of Service.

Previous versions of the tar package are vulnerable to an attack in
which unpacking an intentionally-malformed tar archive can overwrite
arbitrary files to which the user running tar has write access. If the
attacking user knows the name of a vulnerable binary file and overwrites
it, this allows the attacker to place arbitrary code on the system which
is likely to be run. If root is running tar, this includes any file on
the system, which would elevate this to an indirect non-deterministic
remote root unauthorized access vulnerability.

Previous versions of the openssl package are vulnerable to an
attack in which a local attacker may be able to discover another
user's RSA private key by watching another running process using
that key.